Cryptanalysis of simple three-party key exchange protocol

被引：58

作者：

Guo, Hua ^{[1
]}

Li, Zhoujun ^{[1
]}

Mu, Yi ^{[2
]}

Zhang, Xiyong ^{[3
]}

机构：

[1] Beihang Univ, Sch Engn & Comp Sci, Beijing 100083, Peoples R China

[2] Univ Wollongong, Sch Comp Sci Software Engn, Ctr Comp & Informat Secur Res, Wollongong, NSW 2522, Australia

[3] Informat Engn Univ, Dept Appl Math, Zhengzhou 450002, Peoples R China

来源：

COMPUTERS & SECURITY | 2008年 / 27卷 / 1-2期

关键词：

password-authenticated key exchange; cryptanalysis; security; dictionary attack; man-in-the-middle attack;

D O I：

10.1016/j.cose.2008.03.001

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Recently, Lu and Cao published a novel protocol for password-based authenticated key exchanges (PAKE) in a three-party setting in journal of Computers and Security, where two clients, each shares a human-memorable password with a trusted server, can construct a secure session key. They argued that their simple three-party PAKE (3-PAKE) protocol can resist against various known attacks. In this paper, we show that this protocol is vulnerable to a kind of man-in-the-middle attack that exploits an authentication flaw in their protocol and is subject to the undetectable on-line dictionary attack. We also conduct a detailed analysis on the flaws in the protocol and provide an improved protocol. (c) 2008 Elsevier Ltd. All rights reserved.

引用

页码：16 / 21

页数：6

共 18 条

[1] Abdalla M, 2005, LECT NOTES COMPUT SC, V3386, P65
[2] Abdalla M, 2005, LECT NOTES COMPUT SC, V3570, P341
[3] Abdalla M, 2005, LECT NOTES COMPUT SC, V3376, P191
[4] [Anonymous], ACM OPERATING SYSTEM
[5] BOYD C, 2003, PROTOCOLS AUTHENTICA
[6] Byun JW, 2006, LECT NOTES COMPUT SC, V3841, P830
[7] A novel three-party encrypted key exchange protocol
Chang, CC
Chang, YF
[J]. COMPUTER STANDARDS & INTERFACES, 2004, 26 (05) : 471 - 476
[8] An efficient protocol for authenticated key agreement
Law, L
Menezes, A
Qu, MH
Solinas, J
Vanstone, S
[J]. DESIGNS CODES AND CRYPTOGRAPHY, 2003, 28 (02) : 119 - 134
[9] Efficient verifier-based key agreement protocol for three parties without server's public key
Lee, SW
Kim, HS
Yoo, KY
[J]. APPLIED MATHEMATICS AND COMPUTATION, 2005, 167 (02) : 996 - 1003
[10] Enhanced three-party encrypted key exchange without server public keys
Lee, TF
Hwang, T
Lin, CL
[J]. COMPUTERS & SECURITY, 2004, 23 (07) : 571 - 577

← 1 2 →